startup-idea-validation
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes untrusted data (user-provided ideas and data from other agent skills like 'startup-review-mining'). While this constitutes an ingestion surface, the skill lacks any executable capabilities, file-writing tools, or network access that could be exploited via injection. The risk is limited to the reasoning output provided to the user.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or network transmission commands were detected. The skill operates entirely within the local reasoning context.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not include or reference any external code packages (Python/Node.js) or remote script execution patterns (e.g., curl | bash).
Audit Metadata